CVE-2023-40623— Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-40623
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1386
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP BusinessObjects Suite Installer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP BusinessObjects Suite Installer是德国思爱普(SAP)公司的一个应用程序。 SAP BusinessObjects Suite Installer 420和430版本存在安全漏洞,该漏洞源于允许攻击者删除所有操作系统文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP BusinessObjects Suite (Installer) | 420 | - |
II. Public POCs for CVE-2023-40623
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-40623
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2023-09-12 · 12 CVEs total
| CVE-2023-40622 | 9.9 CRITICAL | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-40309 | 9.8 CRITICAL | Missing Authorization check in SAP CommonCryptoLib |
| CVE-2023-42472 | 8.7 HIGH | Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (W |
| CVE-2023-40308 | 7.5 HIGH | Memory Corruption vulnerability in SAP CommonCryptoLib |
| CVE-2023-40621 | 6.3 MEDIUM | Code Injection vulnerability in SAP PowerDesigner Client |
| CVE-2023-40624 | 5.5 MEDIUM | Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rende |
| CVE-2023-40625 | 5.4 MEDIUM | Missing Authorization check in SAP Manage Purchase Contracts App |
| CVE-2023-41367 | 5.3 MEDIUM | Missing Authentication check in SAP NetWeaver (Guided Procedures) |
| CVE-2023-37489 | 5.3 MEDIUM | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-41369 | 3.5 LOW | External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application) |
| CVE-2023-41368 | 2.7 LOW | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
V. Comments for CVE-2023-40623
No comments yet